Commit 39456426 authored by Matija Obreza's avatar Matija Obreza

Stub code for ACL editor

parent 240da443
......@@ -19,14 +19,16 @@ package org.genesys2.server.persistence.acl;
import java.util.List;
import org.genesys2.server.model.acl.AclEntry;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
public interface AclEntryPersistence extends JpaRepository<AclEntry, Long> {
@Query("select ae from AclEntry ae join ae.aclObjectIdentity aoi where aoi.objectIdIdentity = :objectIdIdentity")
AclEntry findByObjectIdentity(@Param("objectIdIdentity") long objectIdentityId);
@Query("select ae from AclEntry ae where ae.aclObjectIdentity = :aclObjectIdentity")
List<AclEntry> findByObjectIdentity(@Param("aclObjectIdentity") AclObjectIdentity aclObjectIdentity);
/**
* @param objectIdentityId
......@@ -89,4 +91,7 @@ public interface AclEntryPersistence extends JpaRepository<AclEntry, Long> {
@Query("select max(ae.aceOrder) from AclEntry ae join ae.aclObjectIdentity aoi where aoi.id = ?1")
Long getMaxAceOrderForObjectEntity(long aclObjectEntityId);
@Query("select distinct ae.aclSid from AclEntry ae where ae.aclObjectIdentity = :aclObjectIdentity")
List<AclSid> getSids(@Param("aclObjectIdentity") AclObjectIdentity objectIdentity);
}
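Review bot: `getSids` at the end of the interface has no Javadoc, and its parameter is named `objectIdentity` while the `@Param` binding and the `findByObjectIdentity` overload above use `aclObjectIdentity`. I would add `/** Lists the distinct SIDs that have at least one ACL entry on the given object identity. */` and rename the parameter to match the binding. The two `findByObjectIdentity` overloads also differ in return shape (a single `AclEntry` for the `long` form, a list for the entity form), which deserves a line of documentation on each; I cannot tell from this view which of them is new in this commit.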
......@@ -17,8 +17,12 @@
package org.genesys2.server.service;
import java.util.List;
import java.util.Map;
import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.model.acl.AclEntry;
import org.genesys2.server.model.acl.AclObjectIdentity;
import org.genesys2.server.model.acl.AclSid;
import org.genesys2.server.security.AuthUserDetails;
import org.springframework.security.acls.model.Permission;
......@@ -35,4 +39,14 @@ public interface AclAssignerService {
*/
List<Long> listIdentitiesForSid(Class<? extends AclAwareModel> clazz, AuthUserDetails authUser, Permission permission);
AclObjectIdentity getObjectIdentity(AclAwareModel entity);
List<AclEntry> getAclEntries(AclAwareModel entity);
List<Permission> getAvailablePermissions(AclAwareModel entity);
List<AclSid> getSids(AclAwareModel entity);
Map<AclSid, Map<Long, Boolean>> getPermissions(AclAwareModel entity);
}
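Review bot: The five new interface methods (`getObjectIdentity` through `getPermissions`) are undocumented, and the return type `Map<AclSid, Map<Long, Boolean>>` of `getPermissions` does not explain itself. Going by the implementation in this commit, the inner `Long` key is the `AclEntry` mask and a value is only ever `TRUE`, so a Javadoc such as `/** Returns, per SID, the permission masks that have an ACL entry on the entity; a missing mask means no entry. */` would spare callers reading the impl. None of these methods appears to check the caller's rights, so if that is intended the Javadoc should also say that authorization is the caller's responsibility.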
......@@ -17,7 +17,9 @@
package org.genesys2.server.service.impl;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.genesys2.server.model.AclAwareModel;
import org.genesys2.server.model.acl.AclClass;
......@@ -49,6 +51,8 @@ public class AclAssignerServiceImpl implements AclAssignerService {
private static final Logger LOG = LoggerFactory.getLogger(AclAssignerServiceImpl.class);
private static ArrayList<Permission> basePermissions;
@Autowired
private UserService userService;
......@@ -64,6 +68,22 @@ public class AclAssignerServiceImpl implements AclAssignerService {
@Autowired
private AclSidPersistence aclSidPersistence;
static {
basePermissions = new ArrayList<Permission>();
basePermissions.add(BasePermission.CREATE);
basePermissions.add(BasePermission.READ);
basePermissions.add(BasePermission.WRITE);
basePermissions.add(BasePermission.DELETE);
}
@Override
@Transactional(readOnly = true)
public List<Permission> getAvailablePermissions(AclAwareModel entity) {
// Do not remove parameter. We may change available permissions based on
// parameter type!
return basePermissions;
}
@Override
public void addCreatorPermissions(AclAwareModel target) {
if (target == null) {
......@@ -118,12 +138,6 @@ public class AclAssignerServiceImpl implements AclAssignerService {
}
private void fullPermissionsSet(AclSid ownerSid, AclObjectIdentity objectIdentity) {
List<Permission> basePermissions = new ArrayList<Permission>();
basePermissions.add(BasePermission.CREATE);
basePermissions.add(BasePermission.READ);
basePermissions.add(BasePermission.WRITE);
basePermissions.add(BasePermission.DELETE);
// create Acl Entry
for (Permission permission : basePermissions) {
AclEntry aclEntry = new AclEntry();
......@@ -160,6 +174,40 @@ public class AclAssignerServiceImpl implements AclAssignerService {
return maxAceOrder != null ? maxAceOrder + 1 : 1;
}
@Override
@Transactional(readOnly = true)
public AclObjectIdentity getObjectIdentity(AclAwareModel entity) {
return aclObjectIdentityPersistence.findByObjectIdIdentityAndClassName(entity.getId(), entity.getClass().getName());
}
@Override
@Transactional(readOnly = true)
public List<AclEntry> getAclEntries(AclAwareModel entity) {
return aclEntryPersistence.findByObjectIdentity(getObjectIdentity(entity));
}
@Override
@Transactional(readOnly = true)
public List<AclSid> getSids(AclAwareModel entity) {
return aclEntryPersistence.getSids(getObjectIdentity(entity));
}
@Override
public Map<AclSid, Map<Long, Boolean>> getPermissions(AclAwareModel entity) {
Map<AclSid, Map<Long, Boolean>> perm=new HashMap<AclSid, Map<Long, Boolean>>();
List<AclEntry> aclEntries = getAclEntries(entity);
for (AclEntry aclEntry : aclEntries) {
Map<Long, Boolean> granted = perm.get(aclEntry.getAclSid());
if (granted==null) {
perm.put(aclEntry.getAclSid(), granted=new HashMap<Long, Boolean>());
}
granted.put(aclEntry.getMask(), Boolean.TRUE);
}
return perm;
}
// // private helpers
// private <T extends BusinessModel & AclAwareModel> void
// removeAssociations(T model) {
......
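Review bot: `basePermissions` is a non-final static `ArrayList` that `getAvailablePermissions` hands out by reference, and the same list now drives the grant loop in `fullPermissionsSet`. Any caller that adds to or removes from the returned list changes which permissions every later owner is given. I would make it immutable, `private static final List<Permission> BASE_PERMISSIONS = Collections.unmodifiableList(Arrays.asList(BasePermission.CREATE, BasePermission.READ, BasePermission.WRITE, BasePermission.DELETE));` (needs `java.util.Arrays` and `java.util.Collections`), and drop the static initializer. Separately, `getPermissions` is the only new read method without `@Transactional(readOnly = true)`, and it records `Boolean.TRUE` for every entry without consulting any grant/deny state, which should be confirmed against the `AclEntry` model. `fullPermissionsSet` continues outside the hunk.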
......@@ -17,6 +17,7 @@
package org.genesys2.server.servlet.controller;
import org.genesys2.server.model.impl.Team;
import org.genesys2.server.service.AclAssignerService;
import org.genesys2.server.service.ContentService;
import org.genesys2.server.service.InstituteService;
import org.genesys2.server.service.TeamService;
......@@ -46,6 +47,9 @@ public class TeamController extends BaseController {
@Autowired
private TeamService teamService;
@Autowired
private AclAssignerService aclService;
@RequestMapping("")
@PreAuthorize("hasRole('ADMINISTRATOR')")
public String viewAll(ModelMap model, @RequestParam(value = "page", required = false, defaultValue = "1") int page) {
......@@ -66,4 +70,21 @@ public class TeamController extends BaseController {
return "/team/details";
}
@RequestMapping("/{teamUuid}/permissions")
public String permissions(ModelMap model, @PathVariable(value = "teamUuid") String uuid) {
Team team = teamService.getTeam(uuid);
if (team == null) {
throw new ResourceNotFoundException();
}
model.addAttribute("aclAware", team);
model.addAttribute("aclPermissions", aclService.getAvailablePermissions(team));
model.addAttribute("aclObjectIdentity", aclService.getObjectIdentity(team));
model.addAttribute("aclSids", aclService.getSids(team));
// Map<AclSid, Map<Permission, Boolean>>
model.addAttribute("aclEntries", aclService.getPermissions(team));
model.addAttribute("backUrl", "/team/"+team.getUuid());
// FIXME Make src/main/webapp/WEB-INF/jsp/acl/editor.jsp work
return "/acl/editor";
}
}
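Review bot: The new `permissions` handler has no `@PreAuthorize`, unlike `viewAll` just above it, so as far as this file shows any request carrying a valid team UUID receives the team's owner SID, the full SID list and the permission map. The JSP change in this commit hides the link behind `hasRole('ADMINISTRATOR') or hasPermission(team, 'WRITE')`, but hiding a link does not protect the URL. I would add `@PreAuthorize("hasRole('ADMINISTRATOR')")` on the method for now, and once the rule is settled check the loaded `team` against the same expression the view uses before filling the model. If a class-level or URL-pattern rule outside this hunk already covers this path, a comment saying so would help.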
......@@ -321,3 +321,12 @@ team.team-members=Team members
team.page.profile.title=Team: {0}
team.page.list.title=All teams
edit-acl=Edit permissions
acl.page.permission-manager=Permission Manager
acl.sid=Security Identity
acl.owner=Object Owner
acl.permission.1=Read
acl.permission.2=Write
acl.permission.4=Create
acl.permission.16=Delete
acl.permission.8=Manage
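Review bot: The labels for masks 8 and 16 look swapped: `acl.permission.16=Delete` and `acl.permission.8=Manage`. If the masks are those of Spring Security's `BasePermission`, which the service in this commit uses, DELETE is 8 and ADMINISTRATION is 16, so the editor would label the delete column "Manage". I would change the two lines to `acl.permission.8=Delete` and `acl.permission.16=Manage`. A mislabelled column in a permission editor leads an administrator to grant something other than what the screen says.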
<!DOCTYPE html>
<%@include file="/WEB-INF/jsp/init.jsp"%>
<html>
<head>
<title><spring:message code="acl.page.permission-manager" /></title>
</head>
<body>
<h1>
<c:out value="${aclAware.class.name}" />
<small><c:out value="${aclAware.id}" /></small>
</h1>
<p>TODO FIXME Provide UI to view and manage ACL entries</p>
<p><spring:message code="acl.owner" />: <c:out value="${aclObjectIdentity.ownerSid.sid}" /></p>
<table class="accessions">
<thead>
<tr>
<td><spring:message code="acl.sid" /></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><spring:message code="acl.permission.${aclPermission.mask}" /></td>
</c:forEach>
</tr>
</thead>
<tbody>
<c:forEach items="${aclSids}" var="aclSid" varStatus="status">
<tr class="${status.count % 2 == 0 ? 'even' : 'odd'}">
<!-- TODO Show username or email/Role -->
<td><c:out value="${aclSid.sid}" /></td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" value="1" checked="${aclEntries[aclSid][aclPermission.mask] ? 'checked' : '' }" /></td>
</c:forEach>
</tr>
</c:forEach>
<tr class="${aclSids.size()-1 % 2 == 0 ? 'even' : 'odd'}">
<td>AUTOCOMPLETE</td>
<c:forEach items="${aclPermissions}" var="aclPermission">
<td><input type="checkbox" value="1" /></td>
</c:forEach>
</tr>
</tbody>
</table>
<button class="btn btn-primary"><spring:message code="save" /></button>
<a href="<c:url value="${backUrl}" />" class="btn btn-default"><spring:message code="cancel" /></a>
</body>
</html>
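Review bot: Every checkbox in the SID rows will render as ticked, because `checked="${... ? 'checked' : ''}"` always emits the `checked` attribute and HTML treats its mere presence as true, so the page would show every permission as granted. Emit the attribute conditionally instead: `<input type="checkbox" value="1" ${aclEntries[aclSid][aclPermission.mask] ? 'checked="checked"' : ''} />`. The lookup itself may also always miss, since the service builds the inner map with `Long` keys while `aclPermission.mask` is presumably an `int`, and EL does not coerce map keys. In the last row, `aclSids.size()-1 % 2` parses as `size() - (1 % 2)`, so the expression needs parentheses for the striping to alternate.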
......@@ -11,6 +11,10 @@
<c:out value="${team.name}" />
</h1>
<security:authorize access="hasRole('ADMINISTRATOR') or hasPermission(team, 'WRITE')">
<a href="<c:url value="/team/${team.uuid}/permissions" />" class="btn btn-default"> <spring:message code="edit-acl" /></a>
</security:authorize>
<h4>
<spring:message code="team.team-members" arguments="${teammembers.size()}" />
</h4>
......
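Review bot: The link to the permission editor is offered to anyone with `WRITE` on the team, which is a weaker right than the one normally required to change an ACL. Once the editor can save, a user who may only edit the team could use it to widen access, for example by granting `DELETE`. I would gate this on an administration-level permission, e.g. `hasRole('ADMINISTRATOR') or hasPermission(team, 'ADMINISTRATION')`, and use the same expression on the controller method. This is inferred from the stub; the save path is not in this commit.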